US-8544077

Internet protocol telephony security architecture

Published: September 24, 2013
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers. The secure devices, such as the CTA, can communicate with other secure devices by establishing signaling and bearer channels that are encrypted with session specific symmetric keys derived from a symmetric key distributed by a signaling controller.

Patent Claims
18 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A secure IP telephony system, the system comprising: a Cable Telephony Adapter (CTA) coupled to an IP telephony network and comprising a public/private key pair and a public key certificate signed by a certificate authority; a Key Distribution Center (KDC) coupled to the IP telephony network and configured to generate a ticket and session key to the CTA in response to a request from the CTA and distribute the session key to the CTA using public key encryption; and a signaling controller coupled to the IP telephony network and configured to receive the ticket in a set up request from the CTA and generate and distribute a symmetric sub-key to the CTA in response to the set up request in a reply message, wherein both the call set up request and the reply message are encrypted using the session key, wherein the ticket includes an identity of the CTA, an identity of the signaling controller, and an expiration time.

2. The system of claim 1, wherein the CTA establishes a secure session with the signaling controller based on the sub-key.

3. The system of claim 1, wherein the KDC is configured to distribute a Kerberos ticket to the CTA in a Kerberos exchange.

4. The system of claim 1, wherein the signaling controller is further configured to generate an end to end sub-key and send it both to the CTA and to a destination device.

5. The system of claim 4 wherein the CTA and the destination device derive at least one symmetric bearer traffic key from the end to end sub-key.

6. The system of claim 4, wherein the destination device is associated with a remote signaling controller and wherein the signaling controller delivers the end to end sub-key to the destination device via the remote signaling controller.

7. The system of claim 4 wherein the CTA and the destination device derive at least one symmetric signaling key from the end to end sub-key.

8. The system of claim 7, wherein the at least one symmetric signaling key comprises: an Hash-based Message Authentication Code (HMAC) key; and a Data Encryption Standard (DES) key.

9. The system of claim 8, wherein the HMAC key comprises a 160-bit Secure Hash Algorithm (SHA-1) HMAC key.

10. The system of claim 8, wherein the DES key comprises a 168-bit 3 DES key.

11. The system of claim 7, wherein the at least one symmetric bearer traffic key comprises at least one 3 DES key.

12. The system of claim 11, wherein the at least one 3 DES key comprises a first 168-bit 3-key 3 DES key for encrypting a transmit direction and a second, distinct 168-bit 3-key 3 DES key for encrypting a receive direction.

13. The system of claim 1, wherein the signaling controller is further configured to distribute an end to end sub-key to a destination device.

14. The system of claim 13, wherein the CTA is configured to communicate with the destination device using symmetric encryption keys derived from the end to end sub-key.

15. The system of claim 13, wherein the CTA is configured to communicate bearer channel traffic with the destination device using RTP packets encrypted with a at least one symmetric key derived from the end to end sub-key.

16. The system of claim 13, wherein the CTA is configured to communicate encrypted signaling messages with the destination device using an IPsec ESP session with at least one symmetric key derived from the end to end sub-key.

17. The system of claim 13, wherein the destination device comprises a remote CTA coupled to the IP telephony network.

18. The system of claim 13, wherein the destination device comprises a Plain Old Telephone Service (POTS) gateway coupled to the IP telephony network.
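
The key hierarchy in claims 5 through 12, sketched as an added example that is not taken from the patent: both endpoints derive a 160-bit HMAC key, a 168-bit 3-key 3DES signaling key, and two distinct directional bearer keys from one end to end sub-key. The derivation function, the labels, and the sample sub-key are assumptions, since the claims do not specify how keys are derived.

```python
import hashlib
import hmac

def expand(sub_key: bytes, label: bytes, length: int) -> bytes:
    # Assumed KDF: HKDF-Expand-style chaining over HMAC-SHA1. The claims name no KDF.
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(sub_key, block + label + bytes([counter]), hashlib.sha1).digest()
        out += block
        counter += 1
    return out[:length]

def to_3des_key(material: bytes) -> bytes:
    # Spread 168 key bits over 24 bytes: 7 key bits per byte plus one odd-parity bit.
    if len(material) != 21:
        raise ValueError("3-key 3DES needs exactly 168 bits of key material")
    bits = int.from_bytes(material, "big")
    key = bytearray()
    for i in range(24):
        byte = ((bits >> (7 * (23 - i))) & 0x7F) << 1
        if bin(byte).count("1") % 2 == 0:
            byte |= 1
        key.append(byte)
    k1, k2, k3 = key[0:8], key[8:16], key[16:24]
    if k1 == k2 or k2 == k3 or k1 == k3:
        raise ValueError("degenerate 3DES key: the three DES keys must differ")
    return bytes(key)

def derive_keys(sub_key: bytes, is_caller: bool) -> dict:
    # Hypothetical labels bind each key to one purpose and one direction, so the
    # caller's transmit key is the callee's receive key and never the reverse.
    a_to_b = to_3des_key(expand(sub_key, b"bearer caller->callee", 21))
    b_to_a = to_3des_key(expand(sub_key, b"bearer callee->caller", 21))
    return {
        "sig_hmac": expand(sub_key, b"signaling hmac", 20),  # 160-bit SHA-1 HMAC key
        "sig_3des": to_3des_key(expand(sub_key, b"signaling 3des", 21)),
        "bearer_tx": a_to_b if is_caller else b_to_a,
        "bearer_rx": b_to_a if is_caller else a_to_b,
    }

def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)

# Constructed sample sub-key; in the claimed system the signaling controller generates it.
SAMPLE_SUB_KEY = bytes(range(32))
```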

Patent Metadata

Filing Date

June 23, 2009

Publication Date

September 24, 2013


Cite as: Patentable. “Internet protocol telephony security architecture” (US-8544077). https://patentable.app/patents/US-8544077
